Sabo/webui
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix: restrict /api/media allowed roots — remove ~ (home dir)

Browse Source
This commit is contained in:
Nathan Esquenazi
2026-04-14 19:35:52 +00:00
committed by Hermes Agent
parent 0349df6ee4
commit 5507dae3d7
1 changed files with 11 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
api/routes.py
View File

@@ -1521,13 +1521,22 @@ def _handle_media(handler, parsed):
except Exception: except Exception:
return bad(handler, "Invalid path", 400) return bad(handler, "Invalid path", 400)
# Allowed roots: hermes home, /tmp, common screenshot cache dirs # Allowed roots: hermes home, /tmp, and active workspace.
# Intentionally NOT the entire home dir — that would expose ~/.ssh,
# ~/.aws, browser profiles, etc. to any authenticated user.
allowed_roots = [ allowed_roots = [
_HERMES_HOME.resolve(), _HERMES_HOME.resolve(),
Path("/tmp").resolve(), Path("/tmp").resolve(),
(_HOME / ".hermes").resolve(), (_HOME / ".hermes").resolve(),
_HOME.resolve(), # allow any file under the user's home
] ]
# Also allow the active workspace directory (where screenshots land)
try:
from api.workspace import get_last_workspace
ws = Path(get_last_workspace()).resolve()
if ws.is_dir():
allowed_roots.append(ws)
except Exception:
pass
within_allowed = any( within_allowed = any(
_os.path.commonpath([str(target), str(root)]) == str(root) _os.path.commonpath([str(target), str(root)]) == str(root)
for root in allowed_roots for root in allowed_roots